Helm Chart
Security: To verify the container’s authenticity and inspect its SBOM, see the Attestation & Verification Guide.
Installing the Helm Chart
Section titled “Installing the Helm Chart”The Subnoto API Proxy is available as a Helm chart published to an OCI registry. This makes it easy to deploy to any Kubernetes cluster.
Installation
Section titled “Installation”Install the chart directly from the OCI registry:
helm install api-proxy oci://registry-1.docker.io/subnoto/api-proxy --version 0.1.1Available Versions
Section titled “Available Versions”View available versions on Docker Hub or use the Docker Hub API:
curl -s https://registry.hub.docker.com/v2/repositories/subnoto/api-proxy/tags/ | jq -r '.results[].name'Configuration
Section titled “Configuration”Configuration Parameters
Section titled “Configuration Parameters”| Parameter | Description | Default |
|---|---|---|
replicaCount | Number of replicas | 1 |
image.repository | Container image repository | subnoto/api-proxy |
image.tag | Container image tag | Chart version |
image.pullPolicy | Image pull policy | IfNotPresent |
env.API_BASE_URL | Backend API URL | https://enclave.subnoto.com |
env.PORT | Container port | 8080 |
env.DISABLE_ATTESTATION | Disable attestation checks | false |
env.ATTESTATION_PUBLIC_KEYS | Base64-encoded attestation keys | "" |
service.type | Kubernetes service type | ClusterIP |
service.port | Service port | 8080 |
ingress.enabled | Enable ingress | false |
resources.requests.memory | Memory request | 512Mi |
resources.requests.cpu | CPU request | 100m |
resources.limits.memory | Memory limit | 1Gi |
resources.limits.cpu | CPU limit | 500m |
Ingress Configuration
Section titled “Ingress Configuration”To expose the API proxy externally:
ingress: enabled: true className: nginx annotations: cert-manager.io/cluster-issuer: "letsencrypt-prod" hosts: - host: api-proxy.example.com paths: - path: / pathType: Prefix tls: enabled: true secretName: api-proxy-tls